General discussion

Locked

backdoor.nibu

By tuqeirahmad ·
We have six server one ADC and one Exchange Server 2000 and four other server all servers have installed Norton Antivirus Corporat Edition my antivirus found a virus "Backdoor.Nibu" but cannot remove it even I installed update defination file pls tell me what i do as soon as possibale

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by williamoshea In reply to backdoor.nibu

Boot into safe mode and manually remove the virus.

Collapse -

by tuqeirahmad In reply to

Poster rated this answer.

Collapse -

by drsysadmin In reply to backdoor.nibu

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.html


Follow the steps listed - or simply delete all infected files, replacing them with valid files, edit the registry and win.ini files as required. If you cannot do an automatic cleaning, your reduced to doing it the old fashioned way.

Luck,
Dr. Sys

Collapse -

by tuqeirahmad In reply to

Poster rated this answer.

Collapse -

by matherg In reply to backdoor.nibu

To manually delete this virus from a WIN2K server:

1. Go to your registry editor; type regedit at your Run command.
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run; hightlight run
3. in the right pane delete the value: "load32" = "%System%\load32.exe"
4. Exit the editor
5. Run a full system scan and delete all the files detected as Backdoor.Nibu or Keylogger.Trojan.
6. Using Windows Explorer, navigate to the %Windir% directory and delete the dxdload.log file

Caution! Use extreme care when editing the registry. I would backup the registry just incase. Go to Start, Programs, Accessories, System Tools Backup; start the wizard and select System State Data.The rest is self explanatory.

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums